An Economic–Business Approach to Clinical Risk Management

: This paper introduces risk factors in the ﬁeld of healthcare and discusses the clinical risks, identiﬁcation, risk management methods, and tools as well as the analysis of speciﬁc situations. Based on documentary analysis, an e ﬃ cient and coherent methodological choice of an informative and non-interpretative approach, it relies on “unobtrusive” and “non-reactive” information sources, such that the research results are not inﬂuenced by the research process itself. To ensure objective and systematical analysis, our research involved three macro-phases: (a) the ﬁrst involved a skimming (a superﬁcial examination) of the documents collected; (b) the second reading (a thorough examination) allowed a selection of useful information; (c) the third phase involved classiﬁcation and evaluation of the collected data. This iterative process combined the elements of content and thematic analysis that categorised the information into di ﬀ erent categories which were related to the central issues for research purposes. Finally, from the perspective of safety analysis and risk management, we suggest that comprehensive control and operation should be conducted in a holistic way, including patient safety, cost consumption, and organizational responsibility. An organizational strategy that revolves around a constant and gradual risk management process is an important factor in clinical governance which focuses on the safety of patients, operators, and organizations.


Introduction
Since the outbreak of COVID-19, the issues of risk management and clinical risk have attracted widespread attention from people all over the world (Yue et al. 2020a;Luo et al. 2020;Wang et al. 2020;Liu et al. 2020;Yue et al. 2020b). Risk management is critical to clinical governance healthcare organizations. Risk management involves performing a comprehensive analysis to uncover underlying factors causing adverse events. Effective risk management contributes to ensuring the quality of care in the clinical sector. Although some empirical research findings reinforce risk management in multiple fields, it often relies on risk management tools, and users need to understand how to implement effective risk management in the clinical context (Bowen 2002).
To foster an effective risk management approach, there is a need to uncover factors that determine the risk degree as a first step. There are many factors defining "risk degree" in the healthcare sector, which can be schematically grouped into the following categories (Comite 2018): (a) Structural-technological factors represented by features of the healthcare unit, including plant design (design and maintenance); safety and logistics of the environment; equipment and tools (functioning, maintenance, renovation); and infrastructure, coverage, digitalization, and automation; (b) Organizational-managerial tools and work conditions represented by the organizational structure of the system (roles, responsibilities, work distribution); by policy and management of human resources (organization, leadership styles, incentives system, supervision and control, training and updating, workload and shifts); by the organizational communication system; by the ergonomic aspects (for example, monitoring, alarms, noises, and light); and by policies for promoting the safety of the patient (guidelines and patient diagnosis/treatment plan, error report system); (c) Human factors (both individual and team-related) identified in the characteristics of the staff (perception, attention, memory, ability to make decisions, perception of responsibility, mental and physical conditions); in the professional skills; in the interpersonal and group dynamics; as well as in the subsequent level of cooperation; (d) User characteristics, such as epidemiology and socio-cultural aspects (demographic aspects, ethnicity, socio-economic environment, education, ability to manage situations, complexity, and compresence of acute and chronic conditions) and social networking; (e) External factors including the regulation and the obligations set out by the law, the financial limits, the socio-economic-cultural context, and the influence of public opinion and of the media of the professional organizations and public protection organizations as well as of the insurance companies.
In this context, the realization of safe and reliable treatments is inspired by the principle of pursuing the safeguarding of life and physical and psychological health of the sick and the relief of suffering (Barresi 2014).
The law has placed at the base of these issues the concept of prevention of adverse events linked to the delivery of the health service. However, the actions realized to reduce the incidence of adverse events, even in developed countries, are still insufficient, given the intolerable financial effects. The negative financial effects are a result of legal proceedings and compensation, diagnostics and treatments, negative exposure, and damaged reputation as well as in social costs in the form of growing morbidity of the population, reduction in their working ability, as well as the loss of trust in health systems and institutions. Therefore, it has become a priority to make changes in health organizations to respond to the regulatory requirements as well as to satisfy the old, yet new ethical and deontological principles meant to safeguard health (Ministry of Health 2018).
As in other complex systems, even in the healthcare sector, some accidents and mistakes occur, which are comparable to a "business risk" that, even intuitively, appears to be proportional to the complexity of the system itself. It is important, therefore, to provide a possible systematic response, following a business approach to problems concerning issues of treatment safety and risk management linked to the delivery of the health services that still, even in countries with highly evolved healthcare systems, do not always find an adequate solution (Comite 2017).

Clinical Risk
Most health organizations have a complex system where the activity is executed with the succession of a series of actions in which human, technological, environmental, and other factors intervene. Consequently, the risk of an adverse event is inherent, and therefore ineradicable. The purpose of risk management is to contain and/or avoid adverse events through a process of systematic identification, evaluation, and treatment of the present and potential risks linked to the activities conducted within the health structure. The term "clinical risk" is defined as the possibility of a patient suffering an "involuntary damage or discomfort, attributable to the treatments received, which causes an extension of the time spent in hospital, a worsening of his/her health conditions, or death" ( Table 1). The term "health treatments" includes the diagnostic investigation (Bizzarri and Farina 2018).

Adverse event
An unexpected, unintentional, or undesirable event related to the treatment process not associated with the clinical condition of the patient, which entails damage to the patient with or without after-effects or an extension of the time spent in hospital

Active fault
Failure to execute an action as planned (execution error) or choice of an incorrect plan to reach a certain objective (planning error); it occurs shortly after the adverse event

Latent fault
A failure to execute an action that occurred far back in time and space from the adverse event

Sentinel event
A particularly serious adverse event, potentially descriptive of a serious malfunction of the system, which may entail death or serious damage to the patient, and that determines a loss of trust of the citizens toward the healthcare system. Due to the seriousness, it is sufficient for any of these events to occur once for the organization to (a) operate an immediate survey to verify what eradicable or reducible factors have caused or have contributed to causing it and (b) implement adequate corrective measures

Damage
Any negative consequence deriving from the event

Accident
An event that has caused or had the potentiality to cause an adverse event

Near Miss
High-risk situations or events that, for fortuitous reasons or because of a prompt intervention of an operator, have not determined an accident

Barriers
Protection of the patient, classified as physical or technological barriers (hardware), operational barriers (software, procedures, checks, organizational system) human barriers (healthcare staff, the patient himself and/or his relatives)

Contributing factors
Factors that have contributed to the realization of the human error due to some characteristics of the patient, factors linked to the task, individual factors, factors linked to the work team, factors linked to the work environment, organizational factors, and factors linked to the institutional background

Risk
Potential condition or event, intrinsic or extrinsic to the process, that can modify the expected outcome of the process. It is measured in terms of probabilities and consequences, as the product of the probability that a specific event might occur (P) and the seriousness of the damage that results from it (G); the ability of the human factor to understand ahead of time and contain the consequences of the potentially damaging event (K factor) is also considered in the calculation of the risk Clinical risk management involves identifying, preventing, and managing the error risk in the health care sector by creating a culturally favorable environment for reporting adverse events and by learning from these events as a future guarantee for patients (Casati 2000). In Table 2, we link the themes of this paper to representative articles in the literature. We have read many tens of articles but have just included the quality ones germane to our arguments in our paper.  (Wilson et al. 1993) Healthcare and illness (Donabedian 2003) Safety tools and perspectives (Khezr et al. 2019)

Identification, Analysis, and Risk Management Methods and Tools
Risk is innate in any human activity; there are no zero-risk activities. Hence, safety protects against unacceptable risks, e.g., clinical risk from drugs; errors and risks in laboratory medicine; safety in the use of blood; and risk in radiological, surgical, anesthesiological activities (Comite 2014). The study of adverse events or almost-adverse events to identify the causes that have contributed to them and to learn from mistakes may help to avoid such events from reoccurring. There are several methods and tools for error analysis and risk management that have been developed internationally over the past few decades. The purpose of the analysis methods is to highlight the insufficiency in the system that may contribute to the occurrence of an adverse event and to highlight and project proper protective barriers. Despite the common final objective, there are two different approaches: 1.
Proactive approach: The analysis begins from the review of the processes and the existing procedures, identifying critical points in the different phases. This approach can be used in the conceptual and design phases of new procedures, processes, and technologies aimed at realizing protective barriers to prevent human/active errors; 2.
Reactive approach: The analysis starts from an adverse event and retraces the sequence of events to identify the causative or contributory factors to the main event. Both these approaches can be used in a health organization where risk management processes are introduced (Martini and Pelati 2011).

Risk Identification Tools
The tools for risk identification are classified as (a) reporting systems; (b) safety briefing; (c) safety walkaround; (d) focus group; (e) medical records review; (f) screening; (g); observation (Buscemi 2009): (a) Reporting systems An efficient reporting system is an essential component of a safety program. It is a structured modality for the gathering of information related to the occurrence of adverse and/or almost-adverse events. The purpose of it is to provide information on the nature of the events and the related causes to learn and intervene with appropriate preventive measures and to disseminate the knowledge and guide specific research in areas deemed to be most critical. Regarding the contents, the system can be: -open, that is, to gather any type of data related to adverse or almost-adverse events referring to the whole of the services; -predefined, that is, to gather all data related to a definite list of events (for example, sentinel events) or to a specific area (for example, drugs).
Regarding the reporting modality, it can occur via a predetermined or free text format, sent via e-mail, phone, electronic filing, or via the web, implementing all proper forms of protection and confidentiality of the reporting. The figure being reported must be specified in the reporting system. In some systems, the reporting is conducted by general management, by operators in others, and some systems even allow relatives, patients, and citizens to report events. Moreover, the reporting system must allow the identification of new and suspected risks, for example, complications associated with the consumption of drugs or new products. Therefore, the data gathering must always be followed by an analysis. However, healthcare organizations may have difficulty adhering to the reporting operations for a variety of reasons: the belief in a scarce efficacy of the system and resistance to changes; -a defensive attitude; -investment in resources.
The adverse event and almost-adverse event reporting system allows the acquisition of information related to similar cases in other organizations, offering the opportunity to generalize the problem and to develop more efficient solutions. The reporting system is divided into two categories: learning systems, usually voluntary systems designed to guarantee continuous improvement of the quality of the treatments. The recommendations that are elaborated after careful analysis are useful to redesign and improve healthcare processes; -accountability systems based on the principle of accountability; they are compulsory and are often limited to predefined events, for example, sentinel events. Many accountability systems use disincentivizing mechanisms such as fines and sanctions, and the efficacy of these systems depends on the ability to convince whoever is needed to report and act with consequential measures. These systems may also be considered as learning systems if the information received is analyzed with transparency, and the actions undertaken are spread to all operators.
Many reporting systems developed are placed in one of the two categories, but the objectives of the two systems are incompatible with one another. However, from this choice derives the compulsoriness or the voluntary nature of the system. Interestingly, in Italy, the so-called incident reporting systems have been implemented on a regional level and in healthcare organizations. These systems gather all adverse and almost-adverse events for the analysis and provision of preventive actions.

(b) Safety briefing
The safety briefing is a simple and easy-to-use tool to ensure a culture and a shared approach towards patient safety. It is a method that allows the creation of an environment in which the safety of the patient is the priority; that stimulates the sharing of information regarding potential or real risk situations. It consists of a brief debate, a conversational yet structured discussion regarding the potential risks for the patient that are present in the operational unit. In quantitative terms, it allows an easy measurement of the achievement of safety objectives. The safety briefing must not be punitive; it may refer to a list of safety issues; and it must be easy to use, easily applicable, and usable for all issues regarding patient safety. The briefing should be facilitated by a moderator, who can explain the reasons and the objectives, and be conducted at the beginning of a shift for a maximum of five minutes to involve all operators caring for the patient.
It should begin with the detection of problems, data, and observations (in the absence of a specific situation, it can revolve around potential issues). At the end of the shift, there must be a debriefing (another very short meeting) to investigate whether there have been potentially risky situations during the activity or whether there are questions from the patients or their relatives. The introduction of this method must be tailored to the needs of the operational unit, enabling regularity, continuity, and response to any issues that may arise. The immediate return is the higher accountability in individual behavior, more attention toward patient safety, an improved work environment, and enhanced "teamwork".
(c) Safety walkaround This method consists of "visits" mandated by management that those in charge of safety conduct in the operational units to identify, together with the staff, issues linked to safety. The staff are invited to report events, causation or concurring factors, almost-events, potential problems, and possible solutions. An important added value derives from the fact that the information gathered in this process often already has a solution that lies in the description of the event and therefore can often introduce an immediate change to improve the safety and assistance process. The representatives identify some priorities and the healthcare team develops solutions with all staff. The gathering must be anonymous, and the issues that emerge are entered in a database that registers the reports and the subsequent corrective actions.
The organizational modalities entail meetings within the operational units, between the experts and a small group or singular operators, which last a few minutes, in which they gather and stimulate all the reports of what concerns damage or risk situations. However, common barriers to overcome are the fear of the operators being punished or blamed for reporting and mistrust in the subsequent corrective actions; therefore, it is imperative to provide feedback to the operational units, to ensure they understand the importance and the serious consideration with which the reports are dealt with.
Patient safety culture is included in a greater cultural change that provides an open relationship between the various operators and an atmosphere of integration and cooperation. It should be clear to all those that conduct the visit, but most of all to the frontline staff, that the investigational objective is not individual behaviors, rather the system implemented for the safety of the patient. The proposed system stimulates the staff to critically observe behavior and practices to recognize the risks from a different perspective. It is extremely useful that the system is official and recognized. This modality has the advantage of being low-cost, allowing the identification of risks and changes needed in a specific context, and it does not require staff, structures, or infrastructure.

(d) Focus group
The focus group is a typical methodology in social research, particularly applicable in exploratory research, to uncover unknown factors. Introduced long ago into the healthcare system, it is useful to identify all aspects of a problem from people's experiences and perceptions; therefore, it can be conducted with singular professional figures or with a team, with patients, relatives, and other stakeholders. The discussion, which lasts about half an hour, should be led by a qualified moderator. The efficacy of the focus group depends on the questions, which must be open and allow discussion and maximum interaction. During the discussion, it is possible to let emerge adverse or almost-adverse events, latent insufficiencies, as well as the essential elements concurring in determining the local safety culture, useful to pinpoint the most efficient strategies to introduce in a specific context.

(e) Medical records review
Review of the medical records has represented a cornerstone in studies on errors in healthcare. It constitutes the most used method for the assessment of quality, allowing investigation of decision-making processes and on the observations of the outcome, analyzing compliance with guidelines and protocols. The review can be explicit when the reviewer searches for specific types of data or events or implicit when an expert physician makes a judgement related to an adverse event and/or error, for example, the consequences related to the missing viewing of a laboratory examination or the missing change of therapy after the reporting of adverse reactions. The medical records review process can also be used to monitor the progress made in the prevention of adverse events when, for example, safer practices are introduced and, through the review, their level of implementation is evaluated.
The degree of detection of the events through this process is much discussed and is essentially based on the quality and quantity of the information. Some information, for example, laboratory examinations, prescriptions, and medical reports, are objectively researchable, while not all the phases of the decision-making process are traced in the clinical documentation and therefore remain implicit. Furthermore, the researcher has an opinion that is affected by their specific competence, as well as by other variables. While serious adverse events are almost always reported, minor errors and conditions never are, so almost-adverse events are rarely noted; hence, medical records are useful in preliminary investigations, but they give very limited contextual information. Other limitations to the use of this technique are the high cost, the need for a homogeneous preparation of the researchers, and the drawing of a reading grid. The selection of the medical records to review can be focused on a specific type of event related to critical points of the existing process.

(f) Screening
This method identifies possible adverse events using the data available in the healthcare systems. Databases can be researched retroactively or in real-time, or traditional paper archives can be consulted. It is possible to identify the presence of certain events, previously classified as "indicators", for example, a return in the operating room or repeated hospitalizations for the same problem or the prescription of an antidote in the case of adverse events due to drugs.

(g) Observation
Observation to identify errors is a methodology that should be used in a targeted manner and limited in time. It uses an external and expert observer to detect, with the help of grids, the discrepancies between the healthcare processes implemented and the expected standards. The method is mostly used to detect errors in therapy, and observations on drug administration have demonstrated a high number of errors. Observation requires hard work and therefore is high cost; however, it offers very detailed information, which facilitates the comprehension of the not only of the event but also of the process and the dynamics that have led to the event. It is a method that can be used intermittently, when resources allow, to identify and understand the insufficiencies in the systems and to monitor actions leading to improvements.

Analysis Tools
A clinical risk management program uses different tools for risk analysis, examining events, when they occur, with reactive methods, or analyzing the processes to prevent events, with a proactive modality. Many are possible approaches for the evaluation of the quality and safety of treatments. If the objective is to realize a safe healthcare process, the proactive approach is preferred to the reactive approach. The first category of tools includes root cause analysis, and the second one includes the failure mode and effect analysis (FMEA) and the failure mode and effect criticality analysis (FMECA).

(a) Root Cause Analysis (RCA)
RCA is a tool for the improvement of quality that helps individuals and organizations to identify causes and contributing factors related to an adverse event and develops improvement projects based on the results. RCA was first used in engineering systems, including aviation and the aerospace industry, since these systems require the development of strategies for the knowledge of risk factors. There are databases within the engineering sector that can gather large quantities of information deriving from the application of this analysis technique for further understanding of the causes and contributing factors of adverse events. Therefore, it would be useful to employ such a system in the healthcare sector. RCA is a retrospective analysis that allows for the comprehension and the reasons for the occurrence of an event. It can be applied to all healthcare sectors: hospitals for acute cases, emergency areas, rehabilitation, mental illness, home hospitalization, and in various branches of treatments outside of hospitals. RCA requirements are: establishment of an interdisciplinary group consisting of experts in the matter; -participation of those involved in the incident; -impartiality in highlighting potential conflicts of interest.
Further requirements that grant the accuracy and the credibility of the RCA are the participation of management and of all those that are most interested in the process and the system, as well as the confidentiality; that is, the information that comes into one's knowledge must be protected, not disclosed, with levels of data protection established (Wilson et al. 1993).

(b) The Failure Mode and Effect Analysis (FMEA) and the Failure Mode and Effect Criticality Analysis (FMECA)
FMEA is a method used to identify weaknesses of a processes via a proactive approach. The objective of its implementation in healthcare systems is to avoid adverse events that might cause damage to patients, relatives, and operators. It is designed to prospectively examine a process to highlight possible weaknesses and redesign it. The method was created in the United States in 1949 in the military field and applied to healthcare settings in the 1990s. It is based on the systematic analysis of a process conducted by a multidisciplinary group, led by a manager, to identify the modalities of the possible failure of a process or project, the reason of the effects that might be obtained, and what could make the process safer. The first investigative phase provides an analysis of the literature, the gathering of the documentation, and possible interviews with the operators. The second phase is the analysis phase, during which the process is subdivided into macro activities, which are analyzed, with singular tasks pinpointing the possible errors (types of error). The error probability is quantitatively evaluated, while the seriousness of its consequences is evaluated qualitatively. To make an "assessment of the risk", the modality of occurrence of the error or fault (failure mode) and its effect (failure effect) are analyzed, thereby involving both qualitative and quantitative analysis. The analysis of the entire process entails the identification of the areas with an intervention priority, and it incorporates the following four points: (1) breakdown of the process in phases with the elaboration of a flow chart; (2) definition of "what could go wrong" (failure mode); (3) definition of "why" the insufficiency might occur (failure causes); (4) definition of the possible effects (failure effects). The group then assigns a few risk priorities (RPN) or priority index risk (IPR) to each phase that consists of: -detection probability (score from 1 to 10); -seriousness (score from 1 to 10).
This technique may be used before introducing new processes, to modify existing processes; to use, in different contexts, processes that are already consolidated; and, lastly, to prevent the repetition of an event that has already occurred.
The advantages include (a) improvement of the quality, reliability and the safety of the process; (b) identification of critical areas of a process through a logical and structured procedure; (c) the reduction of the time needed to develop a process and the related costs; (d) help in identifying the criticalities; and (e) the supply of a database.
The main limitation of this analysis technique is that insufficiencies are treated as if they were singular units statistically analyzed, while, in the healthcare sector, adverse events are the result of multiple insufficiencies and conditions that are often related (Stamatis 1995). When further quantitative analysis is added to FMEA to calculate the level of criticality of the problem identified (criticality analysis), with the attribution of a criticality index, the FMECA technique is applied.

(c) Clinical audit
The word audit derives from the Latin word, which means "to hear", to listen, and to learn, and it was used first in the "financial" framework when landlords asked their administrators to account for the employment of the resources in a given time frame. Audit in healthcare was introduced by Florence Nightingale, a nurse and a statistics expert in 1854, during the Crimean war, addressing the high mortality of patients undergoing surgery. After the application of this method, new strict preventive measures were introduced that reduced mortality rates from 40% to 2%.
The audit allows (a) a guarantee that patients receive the best possible care; (b) an improvement in clinical practice; (c) an improvement of multidisciplinary work; (d) a facilitation of optimization of the available resources; (e) an opportunity for training continuous professional development.
In the specific framework of patient safety, it allows one to (a) identify the risks related to the clinical activity and the organization; (b) identify errors or almost-adverse events; (c) identify the causes and the contributing and concurrent factors of adverse events; and (d) identify the framework of improvement.
Audit consists of a series of meetings in which the team, possibly multidisciplinary and multi-professional, analyses a clinical case or a healthcare path, identifying the differences to predetermined standards or, should they not be available, with the opinion of internal and external experts. The audit employs clinical and administrative documentation and possible evidence to provide discussion with the amplest scope of information. It would be beneficial to identify in a group a moderator that ensures availability of documentation for the related investigation and the efficient conduct of the meetings and related reporting.
The content of the audit can be (a) outcome of clinical activities and healthcare activities; (b) services; (c) resources and their employment; (d) all forms of assistance, either formal or informal; and (e) organizational processes. The general phases of an audit cycle are (1) choice of topic: evaluation of treatments, services, policies, and organizations, the criteria that help in the definition of the priorities that refer to the frequency of the problems, to the seriousness of the consequences, and to the possibility of implementing preventive solutions or measures; (2) the definition of the purpose and the objectives: the purpose and the objectives must be detailed and specific; (3) identification of the standards: the clinical audit is an activity based on the comparison with defined treatment standards and services. The standards must have certain characteristics that can be summarized with the acronym SMART: Specific (related to the topic), measurable (effectively definable), Achievable (with available resources), research based (based on evidence), and timely (updated); (4) gathering and analysis of the data: the data can be gathered with a review of clinical documentation, with interviews of patients and/or staff, with questionnaires or through reporting systems. The data must be gathered using quantitative or qualitative methods, or both, and analyzed using simple descriptive statistical analysis. The analysis and interpretation of data must always have as a reference point, the standard chosen, and reading of the data must allow decisions to be made, analyzing all available options. Finally, an intervention plan is elaborated with recommendations, actions, responsibilities, and timing; (5) monitoring of expected results following the changes introduced: a re-audit phase is conducted only after the changes have been introduced, and it must follow the same plan as the audit, and only the modified fields should be re-audited.
At the end of the audit, a report is written and improvement measures identified. The audit process, to be a safety tool, must become systematic; therefore, measures introduced following audit must be monitored over time. A very delicate phase is the one in which the results are communicated to the operational unit, which must be involved in all improvement measures (Spano and Tradori 2015).

Safety as a Non-Dynamic Event
Safety is an abstract concept, as it does not exist in nature, but safety is not a "non-event"; rather, it is a dangerous threat, because a non-event tends, by nature, to be taken for granted. In an organization, when one is forced to face a constant productive tension, the absence of undesired events may be a reason to take resources away from safety. Since safety is not a definite characteristic, it needs a series of active and dynamic provisions to obtain constant results. Safety is therefore defined as a non-dynamic event.
In many activities, the concept of safety is taken for granted, as in the transport sector (planes, cars, trains, boats), in building construction, in industry, at work, and on a domestic level. In all these fields, safety issues have been addressed much earlier than in the healthcare field, where they have been accepted at least a decade later, starting from the 1990s (Trinchero and Lega 2016). Interestingly, the "Reason" classification regarding safety culture is founded on (1) learning culture; (2) informed culture; (3) right culture; (4) reporting culture; and (5) flexibility culture (Reason 2000). As well as the concept of safety, the definition of quality is also complex. Quality is, in general, any characteristic, property, or condition of a person or a thing that is useful to determine the nature of them and to distinguish them from others (including positive quality, negative quality, physical quality, morals, chemical qualities of the matter, a person with many good qualities, first or second quality goods, and a good quality/bad quality product). In the healthcare sector, quality reflects the gap between what can be done and what is realized in a certain context; when the gap is small, the quality is good, when it is large, the quality is bad (Leggeri and Perrella 2011). According to Donabedian, there is a relationship between the quality of the healthcare assistance and the illness, as shown in Figure 1; unsafe treatments, at the bottom, worsen the evolution of the untreated illness. distinguish them from others (including positive quality, negative quality, physical quality, morals, chemical qualities of the matter, a person with many good qualities, first or second quality goods, and a good quality/bad quality product). In the healthcare sector, quality reflects the gap between what can be done and what is realized in a certain context; when the gap is small, the quality is good, when it is large, the quality is bad (Leggeri and Perrella 2011). According to Donabedian, there is a relationship between the quality of the healthcare assistance and the illness, as shown in Figure 1; unsafe treatments, at the bottom, worsen the evolution of the untreated illness. Healthcare quality also includes the manner and kindness with which the treatments are provided (Donabedian 2009). Maxwell identified six dimensions of quality in healthcare: (1) technical excellence; (2) social acceptability; (3) kindness; (4) cost; (5) access equity; and (6) response to needs (Malinverno 2013). However, safety is missing from this list. Blockchain has been used as a method to improve patient safety and bring a holistic approach to risk management (e.g., Upadhyay 2020). Blockchain involves a distributed network where identical copies of the data are stored on multiple electronic devices that cooperate to verify new data transactions (Khezr et al. 2019). Data are captured on a digital ledger that creates a growing list of events similar to an audit log; blocks are aggregated with a type of cryptography using complex mathematics. Blockchain offers the opportunity to enable access to longitudinal, complete, and tamper-aware medical records that are stored in fragmented systems in a secure fashion (Zhang et al. 2018). Such approaches need to be compatible with regulatory constraints (Charles et al. 2019).

Conclusions
Clinical risk management aims to increase patient safety, as well as safety of other actors, including healthcare assistants and visitors, who interact with the healthcare organization, improve outcomes, indirectly contain costs, and reduce preventable adverse events and, consequently, any cause for legal proceedings. The risk management function is to provide the organization with all the required information to "learn from one's mistakes", overcoming the punitive idea of error as a failure ascribable to individual responsibilities (that is, responsibilities of the singular operators), taking into account that very often, the operator that makes a mistake is facilitated by favorable conditions linked to the organizational context and/or to the corporate strategic choices.
A documentary approach such as that we suggest does have some disadvantages, for example, the potential for lack of detail and bias of selection for inclusion. There may also be issues when readers try to retrieve the documents. It is important to select stable documents, as we have done for this paper.
The major contribution of this paper is that we have synthesized a review based on an economicbusiness approach, which is novel and gives the potential for a more holistic approach to clinical risk management, where clinical governance uses the appropriate tools to ensure the safety of patients, Healthcare quality also includes the manner and kindness with which the treatments are provided (Donabedian 2009). Maxwell identified six dimensions of quality in healthcare: (1) technical excellence; (2) social acceptability; (3) kindness; (4) cost; (5) access equity; and (6) response to needs (Malinverno 2013). However, safety is missing from this list. Blockchain has been used as a method to improve patient safety and bring a holistic approach to risk management (e.g., Upadhyay 2020). Blockchain involves a distributed network where identical copies of the data are stored on multiple electronic devices that cooperate to verify new data transactions (Khezr et al. 2019). Data are captured on a digital ledger that creates a growing list of events similar to an audit log; blocks are aggregated with a type of cryptography using complex mathematics. Blockchain offers the opportunity to enable access to longitudinal, complete, and tamper-aware medical records that are stored in fragmented systems in a secure fashion (Zhang et al. 2018). Such approaches need to be compatible with regulatory constraints (Charles et al. 2019).

Conclusions
Clinical risk management aims to increase patient safety, as well as safety of other actors, including healthcare assistants and visitors, who interact with the healthcare organization, improve outcomes, indirectly contain costs, and reduce preventable adverse events and, consequently, any cause for legal proceedings. The risk management function is to provide the organization with all the required information to "learn from one's mistakes", overcoming the punitive idea of error as a failure ascribable to individual responsibilities (that is, responsibilities of the singular operators), taking into account that very often, the operator that makes a mistake is facilitated by favorable conditions linked to the organizational context and/or to the corporate strategic choices.
A documentary approach such as that we suggest does have some disadvantages, for example, the potential for lack of detail and bias of selection for inclusion. There may also be issues when readers try to retrieve the documents. It is important to select stable documents, as we have done for this paper.
The major contribution of this paper is that we have synthesized a review based on an economic-business approach, which is novel and gives the potential for a more holistic approach to clinical risk management, where clinical governance uses the appropriate tools to ensure the safety of patients, operators, and organizations. Future research on regulation, standardization, and cross-border health data retrieving policies including retention and usage intention are increasingly important. Research is also needed on the capability of the blockchain techniques to store and process massive data access transactions in a timely manner. Besides, there is a need for innovative mechanisms and algorithms to minimize the mining delays. The overarching theme for future research is how to ensure overall governance of data across institutions and countries, including how such data may be shared and used to benefit mankind.
In conclusion, risk management involves the activities that allow continuous improvement of clinical assistance to ensure greater patient safety, also taking into account staff safety (biological risk, accidents), environmental safety (structures, machinery, plants), risks related to external emergencies or uncontrollable factors (essential services interruptions, maxi-emergencies), and legal-administrative risks (proceedings, insurance cover, some elements linked to professional responsibility). The clinical risk management process should be characterized by multidisciplinary integration between professionals and by the accountability of operators, essential elements to realize and implement actions to reduce adverse events, ensuring treatment safety and patient well-being. Therefore, the organizational strategy should revolve around a constant and gradual risk management process that becomes the tool of clinical governance where the focus is the safety of patients, operators, and organizations in general (Comite 2011).
The COVID-19 epidemic has brought a heavy price to the people of the world. This emphasizes that clinical risk analysis is very important. If we can pay attention to the aspects discussed above, we may be able to reduce the loss of people's lives and have a positive effect on restoring confidence and improving the economy in the future. We hope that through our analysis, we can provide references for colleagues throughout the world. Funding: This research received no external funding.

Conflicts of Interest:
The authors declare no conflict of interest.